Split documentation

2017-10-13 10:55:03 -03:00 · 2017-10-13 10:55:03 -03:00 · a9168f276e
commit a9168f276e
parent a18daabc51
144 changed files with 1780 additions and 3789 deletions
--- a/docs/examples/multi-tls/README.md
+++ b/docs/examples/multi-tls/README.md
@ -0,0 +1,94 @@
+# Multi TLS certificate termination
+
+This example uses 2 different certificates to terminate SSL for 2 hostnames.
+
+1. Deploy the controller by creating the rc in the parent dir
+2. Create tls secrets for foo.bar.com and bar.baz.com as indicated in the yaml
+3. Create multi-tls.yaml
+
+This should generate a segment like:
+```console
+$ kubectl exec -it nginx-ingress-controller-6vwd1 -- cat /etc/nginx/nginx.conf | grep "foo.bar.com" -B 7 -A 35
+    server {
+        listen 80;
+        listen 443 ssl http2;
+        ssl_certificate /etc/nginx-ssl/default-foobar.pem;
+        ssl_certificate_key /etc/nginx-ssl/default-foobar.pem;
+
+
+        server_name foo.bar.com;
+
+
+        if ($scheme = http) {
+            return 301 https://$host$request_uri;
+        }
+
+
+
+        location / {
+            proxy_set_header Host                   $host;
+
+            # Pass Real IP
+            proxy_set_header X-Real-IP              $remote_addr;
+
+            # Allow websocket connections
+            proxy_set_header                        Upgrade           $http_upgrade;
+            proxy_set_header                        Connection        $connection_upgrade;
+
+            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Host       $host;
+            proxy_set_header X-Forwarded-Proto      $pass_access_scheme;
+
+            proxy_connect_timeout                   5s;
+            proxy_send_timeout                      60s;
+            proxy_read_timeout                      60s;
+
+            proxy_redirect                          off;
+            proxy_buffering                         off;
+
+            proxy_http_version                      1.1;
+
+            proxy_pass http://default-http-svc-80;
+        }
+```
+
+And you should be able to reach your nginx service or http-svc service using a hostname switch:
+```console
+$  kubectl get ing
+NAME      RULE          BACKEND   ADDRESS                         AGE
+foo-tls   -                       104.154.30.67                   13m
+          foo.bar.com
+          /             http-svc:80
+          bar.baz.com
+          /             nginx:80
+
+$ curl https://104.154.30.67 -H 'Host:foo.bar.com' -k
+CLIENT VALUES:
+client_address=10.245.0.6
+command=GET
+real path=/
+query=nil
+request_version=1.1
+request_uri=http://foo.bar.com:8080/
+
+SERVER VALUES:
+server_version=nginx: 1.9.11 - lua: 10001
+
+HEADERS RECEIVED:
+accept=*/*
+connection=close
+host=foo.bar.com
+user-agent=curl/7.35.0
+x-forwarded-for=10.245.0.1
+x-forwarded-host=foo.bar.com
+x-forwarded-proto=https
+
+$ curl https://104.154.30.67 -H 'Host:bar.baz.com' -k
+<!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to nginx on Debian!</title>
+
+$ curl 104.154.30.67
+default backend - 404
+```
--- a/docs/examples/multi-tls/multi-tls.yaml
+++ b/docs/examples/multi-tls/multi-tls.yaml
@ -0,0 +1,120 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx
+  labels:
+    app: nginx
+spec:
+  ports:
+  - port: 80
+    targetPort: 80
+    protocol: TCP
+    name: http
+  selector:
+    app: nginx
+---
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: nginx
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: gcr.io/google_containers/nginx
+        ports:
+        - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: http-svc
+  labels:
+    app: http-svc
+spec:
+  ports:
+  - port: 80
+    targetPort: 8080
+    protocol: TCP
+    name: http
+  selector:
+    app: http-svc
+---
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: http-svc
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: http-svc
+    spec:
+      containers:
+      - name: http-svc
+        image: gcr.io/google_containers/echoserver:1.8
+        ports:
+        - containerPort: 8080
+        env:
+          - name: NODE_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: spec.nodeName
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+          - name: POD_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+          - name: POD_IP
+            valueFrom:
+              fieldRef:
+                fieldPath: status.podIP
+        
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: foo-tls
+  namespace: default
+spec:
+  tls:
+  - hosts:
+    - foo.bar.com
+    # This secret must exist beforehand
+    # The cert must also contain the subj-name foo.bar.com
+    # You can create it via:
+    # make keys secret SECRET=/tmp/foobar.json HOST=foo.bar.com NAME=foobar
+    # https://github.com/kubernetes/ingress/tree/master/controllers/gce/examples/https
+    secretName: foobar
+  - hosts:
+    - bar.baz.com
+    # This secret must exist beforehand
+    # The cert must also contain the subj-name bar.baz.com
+    # You can create it via:
+    # make keys secret SECRET=/tmp/barbaz.json HOST=bar.baz.com NAME=barbaz
+    # https://github.com/kubernetes/ingress/tree/master/controllers/gce/examples/https
+    secretName: barbaz
+  rules:
+  - host: foo.bar.com
+    http:
+      paths:
+      - backend:
+          serviceName: http-svc
+          servicePort: 80
+        path: /
+  - host: bar.baz.com
+    http:
+      paths:
+      - backend:
+          serviceName: nginx
+          servicePort: 80
+        path: /